osiam - MIT licensed Open Source Identity and Access Management implementing OAuth 2.0 and SCIMv2.

  •        2

Active development of this project has stopped. OSIAM is published under the MIT licence, giving you the greatest freedom possible to utilize OSIAM in you project or product. Watch our blog to stay informed about releases and upcoming changes.

http://osiam.github.io/
https://github.com/osiam/osiam

Tags
Implementation
License
Platform

   




Related Projects

loginsrv - JWT login microservice with plugable backends such as OAuth2, Github, htpasswd, osiam

  •    Go

loginsrv is a standalone minimalistic login server providing a JWT login for multiple login backends.The following providers (login backends) are supported.

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

  •    Go

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

tut-spring-boot-oauth2 - Spring Boot and OAuth2:: A tutorial on "social" login and single sign on with Facebook and Github

  •    Java

This guide shows you how to build a sample app doing various things with "social login" using OAuth2 and Spring Boot. It starts with a simple, single-provider single-sign on, and works up to a self-hosted OAuth2 Authorization Server with a choice of authentication providers (Facebook or Github). The samples are all single-page apps using Spring Boot and Spring OAuth on the back end. They also all use plain jQuery on the front end, but the changes needed to convert to a different JavaScript framework or to use server side rendering would be minimal. Because one of the samples is a full OAuth2 Authorization Server we have used the shim JAR which supports bridging from Spring Boot 2.0 to the old Spring Security OAuth2 library. The simpler samples could also be implemented using the native OAuth2 support in Spring Boot security features. The configuration is very similar.

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.

osin - Golang OAuth2 server library

  •    Go

OSIN is an OAuth2 server library for the Go language, as specified at http://tools.ietf.org/html/rfc6749 and http://tools.ietf.org/html/draft-ietf-oauth-v2-10.It also includes support for PKCE, as specified at https://tools.ietf.org/html/rfc7636, which increases security for code-exchange flows for public OAuth clients.


tut-spring-security-and-angular-js - Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication

  •    TypeScript

Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.

oauth2-server - A spec compliant, secure by default PHP OAuth 2.0 Server

  •    PHP

league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.This library was created by Alex Bilbie. Find him on Twitter at @alexbilbie.

django-oauth-toolkit - OAuth2 goodies for the Djangonauts!

  •    Python

Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent OAuthLib, so that everything is rfc-compliant.We love contributions, so please feel free to fix bugs, improve things, provide documentation. Just follow the guidelines and submit a PR.

pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments

  •    Python

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more. Pacu is a fairly lightweight program, as it requires only Python3.5+ and pip3 to install a handful of Python libraries. Running install.sh will check your Python version and ensure all Python packages are up to date.

spring-boot-security-saml-sample - Sample SAML 2.0 Service Provider with Spring Boot.

  •    Java

Currently Spring Security SAML module doesn't provide a starter for Spring Boot. Moreover, its configuration is XML-based as of this writing. The aim of this project is to explain how to develop a Service Provider (SP) which uses Spring Boot and Spring Security SAML Extension, by defining an annotation-based configuration (Java Configuration). Thymeleaf is also used as template engine.

Apache Oltu - OAuth protocol implementation in Java

  •    Java

Apache Oltu is an OAuth protocol implementation in Java. It also covers others "OAuth family" related implementations such as JWT, JWS and OpenID Connect.

spring-boot-security-oauth2-minimal - Minimal implementation of Authorization Server, Resource Server and OAuth2 Client in Spring Boot with Spring Security and JWT

  •    Java

Spring Boot can be pretty magical, especially with regard to auto-configuration. While I'm a fan of convention-over-configuration development (I've used Grails for years), that doesn't mean it always makes sense. At least not at first, to newcomers like me. I found that some of the documentation and examples tend to gloss over "minor details" which makes it hard to grasp why you need to do something, or when the framework takes care of it for you. It took me quite a few hours of trial-and-error, tracing execution paths, reading auto-configuration classes, failing with out-of-date examples, etc.

security_monkey - Security Monkey

  •    Python

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.

DotNetOpenAuth - A C# implementation of the OpenID, OAuth protocols

  •    CSharp

The C# implementation of the OpenID, OAuth protocols. Use DotNetOpenAuth to create Identity Providers and Identity Consumers (Relying Parties).

MITREid Connect - An OpenID Connect reference implementation in Java on the Spring platform

  •    Java

This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning server library, deployable server package, client (RP) library, and general utility libraries. The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.

flask-oauthlib - OAuthlib implementation for Flask.

  •    Python

Flask-OAuthlib is an extension to Flask that allows you to interact with remote OAuth enabled applications. On the client site, it is a replacement for Flask-OAuth. But it does more than that, it also helps you to create OAuth providers.Flask-OAuthlib relies on oauthlib.